Hi,
I am new to ELK. I am configured single web servers to single logstash in production. Now i am add filebeat in different web servers but i don't know how to configure all web server access log into single logstash. Please help with logstash and filebeat configurations. I already read multiple search but still i don't have exact answer. Please help me.

Wherever filebeat is running point the ip and port (logstash ip and port).Make sure whatever the port you are using for logstash it should be open to take logss from filebeat machines.

#----------------------------- Logstash output --------------------------------
output.logstash:

The Logstash hosts

hosts: ["127.0.0.1:9600"]

Thanks mahesh. I am trying to connect with port 5044 to logstash from all servers. Does this work connect to single port from different filebeat servers

Yes it will work.port should be open in Logstash node.You can send logs from different beats nodes.

Mahesh,Please explain How to do logstah configure to read logs from different servers.

You have to write configuration in filebeat for each node (like log location and any additional fields ) once this is done, you have to write logstash filters in logstash filter section and redirect it to respective output.

- type: log
  enabled: true
  paths:  
  - C:\dummy\server1*.log
  input_type: log
  
  fields_under_root: true
  fields: 
   server: ABC

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.